RELAYTO Endpoints Penetration Test Results (39/101)

Pass Linux/Cdorked.A Backdoor 13 May 2013 10 (v2) Critical Pass GitLab 0.8.0 < 14.4.1 Code Injection CVE-2021-39908 20 Apr 2022 7.5 (v3) High Pass GitLab 13.7.0 < 14.2.6 / 14.3.0 < 14.3.4 / 14.4.0 < 14.4.1 Denial of Service CVE-2021-39912 20 Apr 2022 5.3 (v3) Medium Pass GitLab 13.7.0 < 14.2.6 / 14.3.0 < 14.3.4 / 14.4.0 < 14.4.1 Denial Of Service CVE-2021-39907 20 Apr 2022 5.3 (v3) Medium Pass Cisco Web Security Appliance Privilege Escalation (cisco-sa-scr-web-priv-esc-k3HCGJZ) CVE-2021-1359 15 Jul 2021 8.8 (v3) High Pass StruxureWare SCADA Expert ClearSCADA Remote Security Bypass CVE-2014-5412 05 Jan 2015 5 (v2) Medium Pass HPE Edgeline Infrastructure Manager Detection 24 Feb 2021 None Pass SolarWinds Orion Web Performance Monitor (WPM) Remote Detection 01 Mar 2021 None Pass Apache Tomcat 9.0.0.M1 < 9.0.43 Multiple Vulnerabilities CVE-2020-9484 CVE-2021-25122 CVE-2021-25329 05 Mar 2021 7.5 (v3) High Pass Symantec Veritas Enterprise Administrator Service (vxsvc) Multiple Integer Over fl ows CVE-2011-0547 20 Sep 2011 10 (v2) Critical Pass PRTG Network Monitor < 20.1.57.1745 Information Disclosure (direct check) CVE-2020-11547 04 Mar 2021 5.3 (v3) Medium Pass Atlassian Bitbucket Detection 28 Jun 2018 None Pass Oracle WebLogic IIOP JNDI Lookup RCE Direct Check CVE-2020-2551 15 Jul 2020 9.8 (v3) Critical Pass JBoss Remoting Detection 31 Jan 2019 None Pass Samhain SRP Protocol Implementation Authentication Bypass CVE-2009-4810 17 Mar 2009 5.8 (v2) Medium Pass DNP3 Link Layer Brute Force Addressing Disclosure 11 Dec 2006 5 (v2) Medium Pass DrayTek Vigor Detection 22 Oct 2020 None Pass OS Security Patch Assessment Failed 23 Jun 2006 None Pass Cisco IOS SYNful Knock Implant 25 Sep 2015 10 (v2) Critical Pass Janitza Multiple UMG Devices Remote Debug Interface RCE CVE-2015-3971 13 Jan 2016 7.3 (v3) High Pass Skype Stack Version Detection 11 Apr 2006 None Pass GitLab 12.0 < 14.3.6 / 14.4.0 < 14.4.4 / 14.5.0 < 14.5.2 DoS CVE-2021-39942 20 Apr 2022 6.5 (v3) Medium Pass GitLab 8.4 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.3 Incorrect Port Validation CVE-2021-39927 20 Apr 2022 4.3 (v3) Medium Pass GitLab 12.10 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 DoS CVE-2022-0151 20 Apr 2022 4.9 (v3) Medium Pass ProRat Detection 04 May 2016 10 (v2) Critical Pass GitLab 13.10 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 Unauthorized Access CVE-2022-0152 20 Apr 2022 6.5 (v3) Medium Pass GitLab 13.2 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 IP Restriction Bypass CVE-2022-0172 20 Apr 2022 6.5 (v3) Medium Pass WordPress Plugin LearnDash Detection 04 May 2020 None Pass GitLab < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.1 Expired Credentials CVE-2022-0093 20 Apr 2022 4.3 (v3) Medium Pass Cisco UCS Director Detection 31 Oct 2014 None Pass Cisco ADE-OS Prime Collaboration Provisioning Detection 29 Sep 2015 None Pass GitLab < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.1 Bad Input Validation CVE-2022-0124 20 Apr 2022 4.3 (v3) Medium Pass GitLab 7.7.x < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 CSRF CVE-2022-0154 20 Apr 2022 8 (v3) High Pass Cogent DataHub < 6.4.3 OPC Client Reconnection Saturation Remote DoS 15 Jun 2016 5 (v2) Medium Pass HP LoadRunner 11.52 Bu ff er Over fl ow RCE (uncredentialed check) CVE-2015-2110 04 Jun 2015 10 (v2) Critical Pass CoDeSys Authentication Bypass Directory Traversal CVE-2012-6068 CVE-2012-6069 02 Nov 2012 10 (v2) Critical Pass Siemens SIMATIC S7-1200 PLC < 4.1.3 XSRF CVE-2015-5698 08 Sep 2015 7.5 (v2) High Pass Solaris XDR RPC Request Handling RCE (April 2017 CPU) (EBBISLAND / EBBSHAVE) CVE-2017-3623 28 Sep 2017 10 (v3) Critical Pass Citrix SD-WAN Detection 25 Jan 2019 None Pass StruxureWare SCADA Expert ClearSCADA Weak Hashing Algorithm CVE-2014-5413 28 Jan 2015 5 (v2) Medium Pass Schneider Electric Accutech Manager 'RFManagerService' SQL Injection 15 Nov 2013 10 (v2) Critical Pass IGSS Data Server Directory Traversal Arbitrary File Access CVE-2011-1565 24 Mar 2011 5 (v2) Medium Pass Schneider Electric InduSoft Web Studio / InTouch Machine Edition < 8.1 RCE CVE-2017-14024 22 Jan 2018 9.8 (v3) Critical Pass AVEVA InduSoft Web Studio / InTouch Edge HMI Command 66 RCE CVE-2019-6543 CVE-2019-6545 14 Feb 2019 9.8 (v3) Critical Pass Cisco IOS XE Software NETCONF Over SSH DoS (cisco-sa-ncossh-dos-ZAkfOdq8) CVE-2022-20692 21 Apr 2022 6.5 (v3) Medium Pass Juniper Junos OS DoS (JSA69493) CVE-2022-22185 22 Apr 2022 7.5 (v3) High Pass Oracle E-Business Suite (Apr 2022 CPU) CVE-2022-21468 CVE-2022-21477 22 Apr 2022 6.1 (v3) Medium Pass Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities (cisco-sa-cdb-cmicr-vulns-KJjFtNb) CVE-2022-20661 CVE-2022-20731 22 Apr 2022 6.8 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA69519) CVE-2022-22182 22 Apr 2022 6.1 (v3) Medium Pass Apache APISIX < 2.10.4 / 2.11.x < 2.12.1 RCE CVE-2022-24112 26 Apr 2022 9.8 (v3) Critical Pass WSO2 Multiple Products File Upload Remote Command Execution (CVE-2022-29464) CVE-2022-29464 26 Apr 2022 9.8 (v3) Critical Pass Advantech WebAccess Webeye ActiveX Control Stack Based Bu ff er Over fl ow Vulnerability CVE-2014-8388 12 Mar 2015 7.2 (v2) High Pass Cisco Uni fi ed Communications Products XSS (cisco-sa-cucm-xss-6MCe4kPF) CVE-2022-20788 27 Apr 2022 6.1 (v3) Medium Pass Apache APISIX Dashboard < 2.10.1 Authentication Bypass CVE-2021-45232 28 Apr 2022 9.8 (v3) Critical Pass Cisco Uni fi ed Communications Products Arbitrary File Write (cisco-sa-cucm-arb-write-74QzruUU) CVE-2022-20789 29 Apr 2022 6.5 (v3) Medium Pass Cisco Uni fi ed Communications Products Arbitrary File Read (cisco-sa-ucm- fi le-read-h8h4HEJ3) CVE-2022-20790 29 Apr 2022 6.5 (v3) Medium Pass Cisco Adaptive Security Appliance Software Software WebVPN Portal Access Rule Bypass (cisco-sa-asaftd-rule-bypass-P73ABNWQ) CVE-2020-3578 02 May 2022 6.5 (v3) Medium Pass Cisco Firepower Threat Defense Software WebVPN Portal Access Rule Bypass Vulnerability Vulnerability (cisco-sa-asaftd-rule-bypass-P73ABNWQ) CVE-2020-3578 02 May 2022 6.5 (v3) Medium Pass McAfee Web Gateway Detection 21 Mar 2014 None Pass Juniper Junos OS Vulnerability (JSA11190) 14 Jul 2021 7.5 (v3) High Pass OpenSSL 3.0.0 < 3.0.3 Multiple Vulnerabilities CVE-2022-1292 CVE-2022-1343 CVE-2022-1434 CVE-2022-1473 03 May 2022 9.8 (v3) Critical Pass Juniper Junos OS Vulnerability (JSA11182) 14 Jul 2021 8.8 (v3) High Pass Juniper Junos OS Vulnerability (JSA11192) 14 Jul 2021 6.2 (v3) Medium Pass Juniper Junos OS Multiple Vulnerabilities (JSA11200) CVE-2021-0283 CVE-2021-0284 14 Jul 2021 7.5 (v3) High Pass Visualware MyConnection Server Remote Agent Default Password 02 Apr 2015 7.5 (v2) High Pass Dell OpenManage Server Administrator Authentication Bypass (DSA-2021-040) CVE-2021-21513 20 Apr 2021 9.8 (v3) Critical Pass SCADA Engine BACnet OPC Server < 2.1.371.24 Multiple Vulnerabilities CVE-2015-0979 CVE-2015-0980 CVE-2015-0981 09 Apr 2015 9 (v2) High Pass QNAP Photo Station WebUI Detection 03 Oct 2018 None Pass Open Access Management Detection 29 Jul 2021 None Pass Grandstream Networks UCM6200 Series SQLi (Phone Web UI) CVE-2020-5722 05 May 2022 9.8 (v3) Critical Pass Grandstream Networks UCM6200 Series SQLi (SIP) CVE-2020-5722 05 May 2022 9.8 (v3) Critical Pass Java JMX Agent Insecure Con fi guration 10 Oct 2018 7.3 (v3) High Pass ManageEngine SharePoint Manager Plus < 4329 Multiple Vulnerabilities CVE-2022-24305 CVE-2022-24306 05 May 2022 9.8 (v3) Critical Pass Serv-U FTP Server <= 15.2.3 Hot fi x 1 Memory Escape Vulnerability CVE-2021-35211 15 Jul 2021 10 (v3) Critical Pass Atlassian Jira < 7.2.15 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF CVE-2017-9506 28 Jun 2018 6.1 (v3) Medium Pass Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling CVE-2005-2090 18 Nov 2011 5.3 (v3) Medium Pass Atlassian Crowd < 2.11.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF CVE-2017-9506 28 Jun 2018 6.1 (v3) Medium Pass Apache Tomcat RequestDispatcher Directory Traversal Arbitrary File Access CVE-2008-5515 18 Jun 2009 5.3 (v3) Medium Pass Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF CVE-2017-9506 28 Jun 2018 6.1 (v3) Medium Pass Kubernetes unprivileged API access 28 Jun 2018 8.8 (v3) High Pass Apache Tomcat 5.x < 5.5.21 Multiple Vulnerabilities CVE-2007-1358 CVE-2008-0128 CVE-2008-4308 11 Jun 2010 5.3 (v3) Medium Pass Apache Tomcat 6.x < 6.0.9 Information Disclosure CVE-2008-0128 11 Jun 2010 5.3 (v3) Medium Pass Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461 16 Jun 2010 5.3 (v3) Medium Pass Apache Tomcat < 6.0.18 Multiple Vulnerabilities CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 01 Jul 2010 5.3 (v3) Medium Pass Cisco IOS Version 27 Jul 2010 None Pass Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities CVE-2010-3718 CVE-2010-4172 CVE-2010-4312 CVE-2011-0013 14 Feb 2011 6.5 (v3) Medium Pass Apache Tomcat 7.x < 7.0.6 Manager Interface XSS CVE-2011-0013 14 Feb 2011 5.3 (v3) Medium Pass Apache Tomcat 7.0.12 / 7.0.13 Security Constraint Bypass CVE-2011-1582 18 May 2011 5.6 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (July 2011 CPU) CVE-2011-0811 CVE-2011-0816 CVE-2011-0822 CVE-2011-0830 CVE-2011-0831 CVE-2011-0832 CVE-2011-0835 CVE-2011-0838 CVE-2011-0848 CVE-2011-0852 CVE-2011-0870 CVE-2011-0875 CVE-2011-0876 CVE-2011-0877 CVE-2011-0879 CVE-2011-0 20 Jul 2011 7.1 (v2) High Pass Oracle Database Multiple Vulnerabilities (October 2005 CPU) CVE-2005-3202 CVE-2005-3203 CVE-2005-3204 CVE-2005-3205 CVE-2005-3206 CVE-2005-3207 16 Nov 2011 6.8 (v2) Medium Pass Oracle Database Multiple Vulnerabilities (July 2006 CPU) CVE-2006-3698 CVE-2006-3699 CVE-2006-3700 CVE-2006-3701 CVE-2006-3702 CVE-2006-3703 CVE-2006-3704 CVE-2006-3705 16 Nov 2011 10 (v2) Critical Pass Oracle Database Multiple Vulnerabilities (October 2006 CPU) CVE-2006-5332 CVE-2006-5333 CVE-2006-5334 CVE-2006-5335 CVE-2006-5336 CVE-2006-5337 CVE-2006-5338 CVE-2006-5339 CVE-2006-5340 CVE-2006-5341 CVE-2006-5342 CVE-2006-5343 CVE-2006-5344 CVE-2006-5345 16 Nov 2011 8.5 (v2) High Pass Oracle Database Multiple Vulnerabilities (January 2007 CPU) CVE-2007-0268 CVE-2007-0269 CVE-2007-0270 CVE-2007-0271 CVE-2007-0272 CVE-2007-0273 CVE-2007-0274 CVE-2007-0275 CVE-2007-0276 CVE-2007-0277 CVE-2007-0278 16 Nov 2011 8.5 (v2) High Pass Oracle Database Multiple Vulnerabilities (July 2007 CPU) CVE-2007-3853 CVE-2007-3854 CVE-2007-3855 CVE-2007-3856 CVE-2007-3857 CVE-2007-3858 CVE-2007-3859 16 Nov 2011 9 (v2) High Pass Oracle Database Multiple Vulnerabilities (July 2008 CPU) CVE-2008-2587 CVE-2008-2590 CVE-2008-2591 CVE-2008-2592 CVE-2008-2600 CVE-2008-2602 CVE-2008-2603 CVE-2008-2604 CVE-2008-2605 CVE-2008-2607 CVE-2008-2608 CVE-2008-2611 CVE-2008-2613 16 Nov 2011 6.5 (v2) Medium Pass Oracle Database Multiple Vulnerabilities (October 2008 CPU) CVE-2008-2624 CVE-2008-2625 CVE-2008-3976 CVE-2008-3980 CVE-2008-3982 CVE-2008-3983 CVE-2008-3984 CVE-2008-3989 CVE-2008-3990 CVE-2008-3991 CVE-2008-3992 CVE-2008-3994 CVE-2008-3995 CVE-2008-3996 CVE-2008-4005 16 Nov 2011 6.5 (v2) Medium Pass Oracle Database Multiple Vulnerabilities (January 2009 CPU) CVE-2008-3973 CVE-2008-3974 CVE-2008-3978 CVE-2008-3979 CVE-2008-3997 CVE-2008-3999 CVE-2008-4015 CVE-2008-5436 CVE-2008-5437 CVE-2008-5439 16 Nov 2011 6.5 (v2) Medium Pass Oracle Database Multiple Vulnerabilities (April 2009 CPU) CVE-2009-0972 CVE-2009-0973 CVE-2009-0975 CVE-2009-0976 CVE-2009-0977 CVE-2009-0978 CVE-2009-0979 CVE-2009-0980 CVE-2009-0981 CVE-2009-0984 CVE-2009-0985 CVE-2009-0986 CVE-2009-0988 CVE-2009-0991 CVE-2009-0992 CVE-2009-0 16 Nov 2011 8.5 (v2) High Pass Oracle Database Multiple Vulnerabilities (July 2009 CPU) CVE-2009-0987 CVE-2009-1015 CVE-2009-1019 CVE-2009-1020 CVE-2009-1021 CVE-2009-1963 CVE-2009-1966 CVE-2009-1967 CVE-2009-1968 CVE-2009-1969 CVE-2009-1970 CVE-2009-1973 16 Nov 2011 9 (v2) High Pass Apache Tomcat 7.x < 7.0.22 Multiple Vulnerabilities CVE-2011-3375 CVE-2011-3376 12 Dec 2011 5.3 (v3) Medium Pass Apache Tomcat 7.x < 7.0.23 Hash Collision DoS CVE-2011-4858 CVE-2012-0022 13 Jan 2012 5.3 (v3) Medium Pass Apache Tomcat 9.0.0 < 9.0.10 Multiple Vulnerabilites CVE-2018-8014 CVE-2018-8034 CVE-2018-8037 24 Jul 2018 9.8 (v3) Critical Pass Apache Tomcat 8.5.0 < 8.5.32 Multiple Vulnerabilities CVE-2018-8014 CVE-2018-8034 CVE-2018-8037 13 Jul 2018 9.8 (v3) Critical Pass Oracle Database Multiple Vulnerabilities (April 2012 CPU) CVE-2012-0510 CVE-2012-0511 CVE-2012-0512 CVE-2012-0519 CVE-2012-0520 CVE-2012-0525 CVE-2012-0526 CVE-2012-0527 CVE-2012-0528 CVE-2012-0534 CVE-2012-0552 CVE-2012-1708 19 Apr 2012 9 (v2) High Pass Apache Tomcat 8.0.0 < 8.0.53 Security Constraint Weakness CVE-2018-8014 CVE-2018-8034 13 Jul 2018 9.8 (v3) Critical Pass Oracle Database Multiple Vulnerabilities (July 2012 CPU) CVE-2012-1737 CVE-2012-1745 CVE-2012-1746 CVE-2012-1747 CVE-2012-3132 CVE-2012-3134 19 Jul 2012 6.8 (v2) Medium Pass Apache Tomcat 7.0.41 < 7.0.90 Multiple Vulnerabilities CVE-2018-8014 CVE-2018-8034 24 Jul 2018 9.8 (v3) Critical Pass Apache Tomcat 7.0.x < 7.0.28 Multiple DoS CVE-2012-2733 CVE-2012-4534 21 Nov 2012 5.3 (v3) Medium Pass Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities CVE-2012-2733 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 21 Nov 2012 5.3 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (April 2013 CPU) CVE-2013-1534 CVE-2013-1538 CVE-2013-1554 17 Apr 2013 10 (v2) Critical Pass Default Password 'admin123' for 'admin' Account 17 Jul 2018 9.8 (v3) Critical Pass SNMP Version 3 Authentication Vulnerabilities (cisco-sa-20080610-snmpv3) CVE-2008-0960 14 Dec 2013 10 (v2) Critical 39

RELAYTO Endpoints Penetration Test Results - Page 39

RELAYTO Endpoints Penetration Test Results Page 38 Page 40